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2 TERMS AND DEFINITIONS 



This specification defines the following terms: 

• Set top box control plane - a interactive video system function comprised of the set of 
messages, services, protocols and network elements necessary to enable the control 
and management of interactive video services 

• DOCSIS-Enabled Set-top Box (DE-STB) - Customer premise equipment (CPE) 
providing subscription and pay-per-view broadcast television services and interactive 
TV services. 

• Embedded Cable Modem (eCM) - A DOCSIS cable modem that is integrated into the 
DE-STB. 

• Embedded Set-top Box (eSTB) - The portion of the DE-STB device that supports the 
application environment. This is equivalent to an OC STB Host. 

• Network Controller - This is the computer system responsible for managing the set- 
top terminals or Hosts within a cable system. It manages set-top terminals or Hosts 
through control and information messages sent via a dedicated Out-Of-Band channel. 

• DSG Tunnel - This is an IP datagram stream originating at the DOCSIS Set-top 
Gateway and carrying Out-Of-Band messages intended for DE-STB. It is carried over 
the downstream DOCSIS channel and is identified by a well know MAC address. The 
well-known unicast MAC addresses are unique and published by the C A/POD 
provider. Multiple DSG tunnels may exist on a single downstream DOCSIS channel. 

• Out-Of-Band Messaging -The control and information messages sent from the 
Network Controller to one or more set-top terminals or Hosts requiring a dedicated 
channel constitute Out-Of-Band Messaging. This includes the following types of 
messages: 

• Conditional Access (CA) messages including entitlements 

• System Information (SI) messages 

• Electronic Program Guide (EPG) messages 

• Emergency Alert System (EAS) messages 

• Other generic messages 

• OAM&P Network - The existing network from the STB supplier that is used to 
provision, manage, and secure STBs over the Out-of-Band channel, including the 
Impulse Pay Per View (IPPV) service. 

• Application Network - A network that offers interactive two-way applications to 
STBs. 



3 ABBREVIATIONS AND ACRONYMS 

This specification uses the following abbreviations: 



DE-STB DOCSIS Enabled-STB, e.g., using DSG for one-way OOB traffic and 

DOCSIS for interact! vity. 

ACL Access Control List 

BPI Baseline Privacy Interface 

CA Conditional Access 

CableCARD™ Removable/Replaceable security card, previously known as POD 

CM Cable Modem 

CMM Cable Modem Module 

CMTS Cable Modem Termination System 

CPE Customer Premises Equipment 

DE-STB DOCSIS Enabled Set Top Box 

DDNS Dynamic Domain Name System 

DOCSIS Data Over Cable Service Interface Specifications 

DOCSIS-CP DOCSIS Control Plane 

DNS Domain Name System 

DSG DOCSIS Set Top Gateway 

DTD DSG Tunnel Descriptor 

DVS Digital Video Subcommittee 

eCM Embedded Cable Modem entity 

eSTB Embedded Set-top Box entity 

EAS Emergency Alert System 

EPG Electronic Program Guide 

FCC Federal Communications Commission 

HFC Hybrid Fiber Coax 

HHP Households passed 

HSD High Speed Data 

IP Internet Protocol 

IPSec Secure Internet Protocol 

IPPV Impulse Pay Per View 

LLC Logical Link Control 

MAC Media Access Control 

MIB Management Information Base 

MSO Multiple System Operator 

MTA Multimedia Terminal Adaptor 

MTU Maximum Transmission Unit 

NVRAM Non volatile random access memory 

OAM&P Operations, Administration, Maintenance and Provisioning 



OCAP 


OpenCable™ Application Platform 


OOB 


Out-Of-Band 


PCMCIA 


Personal Computer Memory Card International Association 


PPY 


Pay Per View 


QoS 


Quality of Service 


SCTE 


Society of Cable Telecommunications Engineers 


SI 


System Information 


SID 


Service ID 


SNMP 


Simple Network Management Protocol 


STB 


Set-top Box 


STB-CP 


Set-top Box Control Plane 


TCP 


Transmission Control Protocol 


UDP 


User Datagram Protocol 


VOD 


Video on Demand 


VoIP 


Voice over IP 




4 IP-BASED SET TOP BOX CONTROL PLANE ARCHITECTURE 

4.1 Key Decision Drivers, Scope, and Constraints 

The legacy STB control plane communication system supports two-way messaging 
between the STB and the headend. In the event the control plane's return path is removed, 
and indeed if the control plane's forward path is removed (limited to a couple of days), the 
STB remains substantially functional. 

The new architecture will enable Comcast to transition from the legacy STB transport 
system to a next-generation transport system. The new architecture must be functionally 
transparent to the legacy headend network environment from an operations and services 
standpoint. In addition, the new architecture should meet the service needs of the operator 
for the foreseeable future. 

The goals of the new architecture are: 

1. Migrate the traditional OOB messaging from its physically separate transport (the 
OOB QPSK modulated channel) to DOCSIS forward path transport and eliminate 
the use of the OOB QPSK. 

2. Migrate interactive STB application traffic from the legacy transport channels 
(OOB + legacy return) to using the forward and return path DOCSIS channels. 

The following key decisions and constraints bound the architecture. 

1 . DOCSIS CM enabled set-top boxes (i.e. DE-STB) must be certified by CableLabs 
as compliant to applicable CableLabs specifications (e.g., DOCSIS, DSG, 
OpenCable, etc.) (except that an external LAN port will not be required). 

2. The legacy OAM&P network must be secured from attack. Prior to this design, 
the OAM&P network was not accessible to unauthorized users or agents. In this 
DOCSIS-CP STB architecture, the OAM&P network could be exposed to 
Internet-based attacks unless appropriate security concerns are taken. 

3. In the event of no return path availability, e.g., when the plant is in 1-way 
operation, the DOCSIS-CP STB system must continue to provide service to the 
DE-STBs in the same manner the legacy OAM&P network does in 1-way 
operation. 

4. The DE-STB may utilize DOCSIS channels for OOB messaging as well as other 
IP-based services, e.g., HSD and VoIP. 

5. The DOCSIS-CP STB architecture will enable the device provisioning system to 
respond with the right BP address and configuration file for the CM embedded in 
the DE-STB. It is likely that devices will be provisioned into unique subnets (e.g. 
one for CMs embedded in DE-STBs and another CMs for broadband data 
services). 
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6. A DOCSIS MAC domain has a current limit of 8,191 unicast Service ID's (SDDs). 
Adding DE-STBs to a CMTS - while consuming minimal amounts of bandwidth - 
will consume SIDs. The maximum possible range of unicast SIDs must be 
available in the CMTS. 

7. The DE-STB will be on-line at all times (as long as it is powered up and 
connected to the cable network). The eCM in DE-STB will be active at all times 
and will not go into any sort of "dormant mode" (for example, the eCM cannot 
take itself off-line due to lack of activity on the downstream port). 

8. When the cable plant is operating in one-way mode (e.g., the return path is lost), 
the DE-STB will retain functionality including the ability to receive code 
downloads (except in the case of secure software downloads). 

9. Certain traffic types from the legacy OAM&P network will utilize unicast IP (e.g., 
IPPV polls and responses) and will be carried outside of the DSG tunnels. 

4.2 STB-CP Architecture Phases 

In order to manage the transition from the legacy network to the STB-CP architecture, the 
following phases are included: 

STB-CP solution that makes use of DSG: 

- embedded security (no CableCARD) 

- noOCAP 

- eCM (following eDOCSIS guidelines) 

- two MAC addresses (eCM and eSTB) 

- two IP stacks (eCM and eSTB) 

- shared or separate SNMP agent (separate preferred) 

- monolithic software image 

- vendor proprietary STB software download 

- vendor proprietary STB operations (e.g., time sync) 

- use CM configuration file to configure both eCM and eSTB 

- SNMPvl/v2cforeSTB 

- Basic DE-STB MEB support, including MlB-n 

- DOCSIS LI hardware in DE-STB 

- Relay Router to forward traffic from the network to CMTS-DSG 

- OAMP IPPV messages sent unicast to DE-STB (not in DSG tunnel) 

- DSG Tunnel Descriptor (DTD) message used as both 1 pps heartbeat from CMTS and 
to identify the DSG tunnels on that downstream 

- potentially use IP Multicast to forward traffic to the CMTS-DSG 
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Increased functionality; converged operations: 

- CableCARD (based on FCC regulations) 

- enable OCAP (application download) 

- CMM (may be more applicable for CE devices) 

- Separate DE-STB configuration file more fully defined 

- Ability to have separate CM and STB software images 

- support for both in-band DSM-CC carousel and DOCSIS secure software download 
to load a new operating image on the DE-STB 

- enable having an in-band software download carousel (not DSG tunnel) 

- migrate to more IP-centric operations (e.g., get time sync from TOD) 

- define detailed DE-STB MEB support, including a standard DE-STB MIB 

- DOCSIS 2.0 Hardware in DE-STB 

- In CMTS, more granular DSG functionality including per downstream control 

Increased IP functionality, converged operations: 

- converge CM and DE-STB operations around common model 

- DSG Tunnel Descriptor (DTD) messages on CMTS and DE-STB supporting tunnel 
address learning from the network. 

- SNMPv3 and SNMP Coexistence 
4.3 Overall Architecture 

Two separate networks exist today, the Video network and the HSD network. These 
networks do not intersect; they run in parallel separated in the frequency domain on the 
shared HFC medium as shown in the figure below. 
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HSD Back-office 



Figure 1. Existing Video and HSD Networks 

The video network is comprised of two separate networks, the OAM&P network and the 
Application network. The OAM&P network is used to manage STBs, e.g. to authorize 
STBs for various services, to collect IPPV purchases, and to commence the download of 
STB code objects. This network uses both one-way and two-way messages. The* 
Application network is used to provide applications such as VoD and interactive TV 
services. This network requires a two-way connection between the Application network 
and the STB. 

The common element of the Video and HSD networks is they both utilize transport over 
the HFC cable network; however, that transport is frequency division multiplexed and 
never mixes above the physical layer. 

The video network is closed to all but MSO operations personnel and systems, and solely 
provides the functions needed to manage STBs for video service. The HSD network is 
connected to the Internet and provides subscribers access to services and content. 
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Figure 2. Integrated System Diagram 

In the new architecture, video control plane messages that originally used the legacy STB 
transport on the HFC network will use a DOCSIS connection in the DE-STB for 2-way 
interactivity. DOCSIS is not synonymous with the Internet; rather, DOCSIS provides a 
Link Layer interactive connection between the home and the CMTS in the headend- 
Additional detail of the application and OAM&P networks, with STB-CP implemented, 
is provided below. 
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Figure 3. Application and OAM&P networks with STB-CP implemented 

The connection between the STB controller and VOD controller and the CMTS carries 
the following types of messages: 

1 . One-way messages from the legacy OAM&P network that are destined for the 
DSG entity on the CMTS. This information is traditionally carried on the legacy 
OOB channel. With DSG these messages are carried via IP packets to the CMTSs 
and placed inside the DSG tunnel. 

2. Two-way messages from the legacy OAM&P network are sent as unicast IP 
between the STB Controller and DE-STB, e.g., IPPV polls and responses. These 
messages are not carried inside a DSG tunnel. 

3. Interactive application traffic, e.g., VOD. These messages are not carried inside 
the DSG tunnel. 

As all communication between the controllers and CMTS are via IP packets, the 
"connection" between the controllers and CMTSs is effectively one or more IP 
forwarding hops. 



11 



Certain interactive applications may require a name to IP resolution service in order to 
map a STB unit address or name to the device's current IP address. Thus, the network 
may also provide DNS service. 

The CMTS DSG functionality is now detailed. The CMTS receives IP Packets carrying 
DSG messages and places them into Ethernet frames. The DSG packet's destination IP 
address is then used to determine the appropriate destination MAC address (i.e. DSG 
tunnel). These frames are then placed onto the forward path(s) per normal DOCSIS link 
layer MAC rules. This is shown in the diagram below. 



To Gateway 




HFC 



To CMTS 
aggregation 
network 
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Figure 4. DSG tunnel detail 

The DSG entity only exists in the CMTS. DSG tunnels only exist on the DOCSIS 
forward path. 

The DSG will support up to 4 Conditional Access (CA) systems. For each CA, the DSG 
will support up to eight DSG tunnels (MAC addresses). Each DSG tunnel will be 
associated with a one or more BP address such that packets sent to these DP addresses will 
be mapped to the corresponding DSG tunnel. 

The DE-STB includes both Embedded STB (eSTB) and Embedded Cable Modem (eCM) 
functional entities as shown in the figure below. In Phase 1, the eCM and eSTB share 
both hardware and a monolithic code image. In Phase 1, the eCM is fully compliant with 
DOCSIS 1.1 with two main exceptions: 

1. code download will use the legacy STB code download transport. 

2. specific rules are placed on the eCM in the event of losing two-way 
communications with the CMTS. 



In Phase 1, the DE-STB will use embedded security. 
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Figure 5. DE-STB Functional Detail 



4.4 Description of Functional Components 
4.4.1 Video Networks 
4.4.1.1 OAM&P Network 

The OAM&P network generates messages to be delivered to the DE-STB population. 
There are two types of messages: 

1. One-way messages destined to the DE-STBs, for which no response is needed. 
These messages can be broadcast, multicast, or unicast. These messages range 
from a time message to enabling a DE-STB to decode premium channels. 

2. Messages destined to the DE-STBs for which a response is requested, specifically 
the polling of "store and forward" IPPV purchasing data. If the return path is 
unavailable, the DE-STB will not be able to respond; however, the OAM&P 
network will still send messages requesting information from the DE-STB. The 
DE-STB will attempt to respond with the information and the CMTS will forward 
this message to the network. 

An OAM&P network is associated with a particular Conditional Access system. A 
proposal has been made to modify the DSG specification such that he DSG function on 
the CMTS is required to support up to 4 CA systems, meaning that OAM&P networks 
from up to 4 suppliers may be present on the network. 

STB-CP systems must be able to operate with full functionality and performance without 
requiring the presence of legacy OOB/return path communications infrastructure. 



4.4.1.2 STB Controller-to-HSD Network Interface 

This is the connection between the OAM&P functional entities and the network. This 
interface is part of the DE-STB Controller and generates two types of unicast IP packets: 

1 . destined for a DSG on a CMTS 

2. destined for an individual DE-STB, 

DP Multicast may be used for messages destined to a DSG entity on a CMTS. 

This interface can transit a maximum of 2 Mbps from the STB controller to the CMTS. If 
the interface has less than 2 Mbps to send, it must not "pad" the output to 2 Mbps, rather, 
sending less than 2 Mbps is allowed. 

4.4.1.3 Application Network 

In the legacy architecture, application messages are two-way between the STB and the 
application network and are carried over the legacy communications channels. 

In the STB-CP architecture, application messages are carried on the normal DOCSIS 
forward and return paths. These messages go through the network and are layer 3 
forwarded to the appropriate application server or STB, depending on direction. 

4.4.2 CMTS 

4.4.2.1 Layer 3 Forwarding 

Each CMTS will be configured with a DSG specific IP subnet on the HFC interface. DSG 
packets will be sent to an IP address within this subnet. The CMTS, upon receiving a 
DSG packet, performs standard layer 3 processing of the DSG packet, and then forwards 
the packet, with the appropriate destination DSG tunnel MAC address, into the HFC 
network. 

If multicast is being used to deliver DSG packets, the CMTS will be configured as if an 
IGMP JOIN was received on the HFC interface for the DSG multicast address. Standard 
BP processing and forwarding is performed on this traffic as well. 

4.4.2.2 DSG 

The DSG function in the CMTS must comply with [DOCSIS4], including support for the 
DTD message. 

The DSG receives packets from the STB controller, places them in DOCSIS frames 
addressed to well-know MAC addresses, and forwards them onto the DOCSIS 
downstream channel. 

The DSG is required to support up to 4 CA systems. For each CA system, up to eight 
destination Ethernet MAC addresses must be supported. The mapping of messages from 
the CA system (OAM&P network) to the MAC addresses is CA supplier specific. 

As a default, there is one DSG entity per CMTS chassis and all messages from the DSG 
will be forwarded onto every DOCSIS downstream interface on that chassis. For finer 



14 



granularity, there can be separate DSG entities per card in the CMTS chassis and/or 
separate DSG entities per MAC domain on each card. 

4.4.2.3 DOCSIS 

The CMTS will be used to reserve up to 2 Mbps for a DSG/CA message group. DSG 
traffic may be prioritized on the forward path. 

The DOCSIS return path must be used for interactive messages from the DE-STB. The 
eCMs in the DE-STBs are configured using normal DOCSIS methods, explained in more 
detail in the provisioning section of this document. 

This DSG architecture takes into account that all types of service messages will share the 
DOCSIS link layer network, including HSD, VoIP and STBs. 

The CMTS must be able to reliably identify and isolate upstream messages destined for 
the Video network, directing them to the Video controller. 

Neither legacy OOB nor legacy return channels are included as part of this architecture, 
although they will continue to operate for some time to support legacy STBs during the 
transition from legacy operation to STB-CP operation.. 

A DOCSIS MAC domain has a current limit of 8,191 unicast Service IDs (SIDs). The 
CMTS must support the full number of unicast SIDs as these may be needed to support 
HSD, VoIP, and DE-STBs, as well as other future devices. 

4.4.3 Advanced Set Top Box 

The Phase 1 DE-STB is comprised of the following functional entities: 

- Embedded STB (with embedded Security) 

- Embedded CM 

The eCM and eSTB implement functionality that is specific to a STB-CP system. 
In Phase 1, the eCM and eSTB share both hardware and a monolithic code image. 

4.4.3.1 Embedded STB Entity 

The eSTB entity is logically separate from the eCM that is embedded in that DE-STB. 
The eSTB will receive a separate DP address from that of the CM. 

The DE-STB will host applications approved by Comcast, This environment may 
eventually migrate to OCAP. Until OCAP is deployed, the following application 
considerations are given. 

- DE-STB applications should be adjusted to take advantage of DOCSIS network 
properties. 

- Applications that have taken artificial measures to match underlying legacy network 
MTU sizes should adjust to take advantage of DOCSIS MTU sizes. 

- Applications that have taken their own steps to ensure reliable message delivery 
should consider taking advantage of TCP for this function. 
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- DE-STBs that support non-native applications should include TCP/IP stacks. 

- Applications that have taken artificial measures to deal with excessive latency based 
on legacy communications should take advantage of the lower latency provided by the 
DOCSIS link layer. 

- Applications that use legacy naming services must use DNS. 

4.4.3.2 Embedded CM Entity 

The eCM should follow logical interface guidelines as defined in the eDOCSIS 
specification. 

DSG messages flow through the eCM follows the rules for any data traffic that traverses 
the CM. That is, before the DSG frames are forwarded to the eSTB, normal CM LLC and 
IP layer filters are applied. 

The eCM is instructed to filter the downstream DOCSIS channel for up to 8 destination 
MAC addresses. When matching frames are found, they are forwarded to the eSTB for 
further processing. Before forwarding to the eSTB, a specified number of header Bytes 
can be stripped from each frame. 

4.4.3.3 CableCARD Entity 

Phase 1 will use Embedded Security. CableCARD will be introduced in a later Phase. 

With Embedded Security, all aspects of the video conditional access system, with the 
possible exception of a smartcard for the key exchange algorithm, are embedded in the 
eSTB. The CableCARD is typically a PCMCIA form-factor replaceable module that 
contains all aspects of the video conditional access system. 

4.5 Network Design Considerations 

4.5.1 General Considerations 

In the STB-CP architecture, a single physical DHCP complex is used. An alternative 
would have been to use separate DHCP servers for HSD and the DE-STB. Rather, this 
partitioning will be handled logically. 

Two DNS servers will be used; the normal HSD DNS server and a new STB-CP DNS 
server. The STB-CP DNS server will allow STB applications to resolve names within the 
Comcast video application network. When the eSTB boots, it gets an IP address from the 
DHCP server and provides, via a DHCP option, identifying information destined for the 
DNS server in the Gateway to the application network. 

4.5.2 Migrating Legacy Network Traffic Flows to DSG 

There are three general types of traffic flows on the legacy network. 

1. OAM&P network one-way messages from the headend to STB 

2. OAM&P network two-way messages, e.g., IPPV polls and response 
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3. Application network two-way messages, e.g., VOD client/server messaging 

Each of these flow types has to be accounted for on the DSG architecture as will be 
explained in the following sections. 

4.5.2.1 OAM&P One-Way messages (EPG, SI, Entitlements, etc.) 

These messages are from the headend to the DE-STB only, there is no reply from the DE- 
STB. These messages are the only legacy network messaging to be carried in the DSG 
tunnels. 

The following is a description of how the message flow, including addressing, occurs on 
the STB-CP architecture. 

1. The DE-STB Controller generates a payload with application layer addressing that 
targets the message to a specific DE-STB or group of DE-STBs (DE-STB Unit 
ED, DE-STB serial number, etc.). 

2. The DE-STB Controller wraps the payload in an BP packet. 

3. This packet will be Layer 3 forwarded from the OAMP network towards the 
CMTS. The CMTS will Layer 3 forward the packet to the proper DSG tunnel. 

4. When on the forward path DSG tunnel, the IP packet will still carry a source IPA 
of the DE-STB Controller and destination IP address of the DSG tunnel. 

5. This packet will be in an Ethernet frame with a source MAC address of the CMTS 
downstream interface and the destination MAC will be the DSG tunnel. 

6. The eCM bridges frames addressed to the well-known DSG MAC Address(es) to 
the eSTB. (N.B., if embedded security [no CableCARD], then the message is sent 
to the eSTB.) 

7. If there is a CableCARD present, the DSG frames are bridged to it and the 
CableCARD does whatever it needs to do to execute the message, which may 
include communicating with the STB host. 

In the Phase 1 of the project, messages from the DE-STB Controller will be addressed to 
a "helper" address in a router in the IP network. The router helper will replicate the 
messages and forward copies of it to each DSG function as shown in the diagram below. 
The helper will have 8 input unicast IP addresses, one for each DSG tunnel. The helper 
will replicate messages from an input IP address to many output unicast IP addresses 
associated with DSG tunnels on each CMTS. 

4.5.2.2 OAM&P Two-Way traffic (IPPV Polling Services) 

The Impulse Pay Per View (IPPV) polling service is implemented in the legacy system as 
part of the OAMP network. 

In the legacy network, the STB Controller programs each STB with a number of "credits" 
which allow the subscriber to view programming without having paid for that 
programming yet. The number of credits in the STB is generally based on that 
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subscribers' billing history. Once the subscriber chooses to view a program, the STB 
stores that event and decrements the number of credits accordingly. 

On a periodic basis (weekly or monthly), the STB Controller polls each STB for IPPV 
purchase information. The polling request is formulated in the STB Controller and sent 
on the legacy OOB channel. The STB replies by sending a message on the legacy return 
path to the STB Controller with information about IPPV programming that has been 
requested through the STB. The STB Controller aggregates IPPV purchase information 
from the STBs and forwards this to the STB Controller for billing. 

The STB Controller may send an IPPV poll request to a particular STB (e.g. in the case 
where a customer terminates their IPPV service and a purchase information must be 
collected outside the normal polling window.) 

In the STB-CP system, the DE-STB Controller will create polling requests. The DE-STB 
Controller will address these messages to a unicast IP address for a DE-STB and forward 
them to its default route in the Gateway. The Gateway will forward the packets to the 
CMTS. At the CMTS, the layer 3 forwarder will inspect the IP address and forward that 
packet to the correct downstream. Note this packet does not go on a DSG tunnel. 

The eCM in the DE-STB will bridge this packet to the DE-STB entity. The DE-STB will 
process the packet as needed and format a reply that is then IP unicast from the DE-STB 
IP address to the STB Controller. 

A step-by-step description of the steps is as follows. 

1 . The DE-STB Controller does a DNS query with the name of the DE-STB as the 
argument. The DNS server replies with the IP address of the specific DE-STB. 

2. The DE-STB Controller generates an IP packet for a specific DE-STB. 

3. The DE-STB Controller addresses the packet to the DE-STB and uses it's IP 
address as the source address. 

4. This packet will be L3 forwarded to the proper CMTS. 

5. The CMTS will L3 forward the packet to the appropriate downstream. Note, the 
packet is not carried on a DSG tunnel. 

6. The eCM bridges the packet to the eSTB, which passes it to either the embedded 
security function (or the CableCARD). 

7. The security function processes the packet and formulates a reply. 

8. The reply packet is addressed IP unicast to the DE-STB Controller, using the 
eSTB IP address as the source address. (If a CableCARD is present, it is assumed 
to use the IP address of the STB). 

9. The eSTB sends the packet to the eCM which places it on the upstream. 

10. The CMTS will Layer 3 forward the packet back to the DE-STB Controller. 

1 1. The DE-STB Controller processes the reply, including forwarding appropriate 
information back to the eSTB. 



18 



4.5.2.3 Two-Way Application Signaling 

Application signaling will not traverse a forward path DSG tunnel. 

Two-way VOD service is implemented in the legacy system as part of the application 
network. Messages sent between the VOD controller and the STB traverse the legacy 
communications channel (OOB + return path). 

In the STB-CP system, the eSTB has a functioning IP stack. The interactive application 
on the eSTB learns the IP address of the application server (in the headend) using a 
method appropriate to the application. The interactive application will address packets to 
the application server and will use the IP address of the eSTB as the source IP address. 
The packet is placed on the DOCSIS return path and the layer 3 forwarder in the CMTS 
sends the packet to the application network. The application server replies by addressing a 
packet to the eSTB BP address. The packet goes from the application server to the CMTS 
layer 3 forwarder and onto the DOCSIS forward path. Note, these messages do not 
traverse the forward path DSG tunnel. The eSTB receives the packet and based on port 
number, forwards it to the VOD application. 

4.5.3 DSG Function 

Requirements for the DSG function are included in [DOCSIS4]. 

In Phase 1 of the project, there must be minimally a single DSG function per CMTS 
chassis. When this DSG function receives a packet, it will place that packet on the 
appropriate forward path DSG tunnel on each downstream interface on that CMTS 
chassis. 

For Phase 2 of the project, the CMTS should implement the DSG function with finer 
granularity. That is, there should be the capability to support one DSG function per 
CMTS blade and even one DSG function per downstream RF port. With this finer 
granularity, the DSG will place packets on the appropriate forward path DSG tunnel on 
the downstream interfaces with which it is associated. 

4.6 Protocol Interfaces 

4.6.1 IP Protocol Version 

IPv4 is required. IPv6 syntax should be supported in all MEBs. 

4.6.2 Legacy Network Protocols 

This architecture permits migration of the set top box control plane from legacy network 
protocols to well-known standards-based (IETF) protocols (e.g., BP and DOCSIS). 



4.7 Provisioning Considerations 



4.7.1 Horn s-Passed Databas 

Neither auto-discovery nor self-provisioning of DE-STBs is considered in this 
architecture, although the architecture should not preclude such functions being supported 
by the legacy protocols and implemented in the future. 

The DE-STB is known to the billing system at time of deployment. Based on the street 
address of the customer account where the DE-STB is deployed, the DE-STB Controller 
will be aware of how to communicate with that DE-STB. 

4.7.2 DE-STB Entities 

The DE-STB is provisioned by several entities, including the legacy OAM&P systems 
and the IP services back-office. 

OAM&P provisioning is sent to the DE-STB over DSG tunnel(s) on the DOCSIS forward 
path. 

IP services provisioning is sent to the DE-STB over the two-way DOCSIS connection, 
and not inside any DSG tunnels. 

4.7.3 IP Addressing 

4.7.3.1 Subnet Plan 

Within the DE-STB, the eCM and eSTB can receive IP addresses from separate subnets. 
The possibility that an application in the eSTB will require a public IP address should not 
be precluded by the architecture. 

4.7.3.2 DE-STB IP Addresses 

The DE-STB has at least two IP addresses, and possibly three, as show in the Figure 
below. 
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Figure 6. DE-STB IP Addressing Model 

There is the possibility applications in the DE-STB will need a public IP address in which 
case a third Ethernet MAC address will be used for the assignment. 
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4.7.4 DHCP Relay Agent (CMTS) 

The architecture assumes a unified provisioning system for HSD and STB-CP devices. 

4.7.5 Boot Sequence Exp ctations 

When the eCM boots, the CMTS DHCP relay agent forwards the DHCP DISCOVER to 
the DHCP server. The DHCP server knows it's an eCM (based on DHCP options) and 
assigns it to the correct IP subnet. 

When the eSTB boots, the same CMTS DHCP relay agent forwards the DHCP 
DISCOVER to the DHCP server. The DHCP server knows it is an eSTB (based on 
DHCP options) and assigns it in the correct subnet. 

A standard TFTP server is used to serve up configuration files for the eCM, using normal 
DOCSIS procedures. In Phase 2, the eSTB will receive a separate configuration file. 

4.7.6 HSD CM Configuration File 

The eCM will implement all DOCSIS 1.1 functionality, including the configuration file. 

4.7.7 STB Configuration File 

Li Phase 1, the eSTB can be configured via TLVs in the eCM configuration file. 

4.7.8 DE-STB initialization Steps 

4.7.8.1 Overview 

The eCM and eSTB maintain a relationship with each other during the initialization 
process. The eCM completes the normal DOCSIS provisioning process, including 
initializing BPI+, with the additional step of interpreting the DTD message and passing 
frames from the DSG tunnel(s) to the eSTB. The eSTB goes through a two-step 
initialization process. The first is a one-way initialization based on information received 
from the DSG tunnels. The second initialization, which is not required for one-way eSTB 
operation, gets an IP address and optionally time and configuration information to the 
STB that enables it to work in a two-way mode. 

In Phase 1, the DSG tunnel MAC addresses are known to the DE-STB at time that box is 
deployed. In a later phase, there will be requirements for the DE-STB to learn the DSG 
tunnel MAC addresses from either the CableCARD or the network. 

4.7.8.2 Cable Modem Initialization 

The eCM will use DHCP options 60 and 43 to identify its capabilities to the network. 

4.7.8.3 DE-STB Initialization 

The eSTB will use DHCP options 60 and 43 to identify its capabilities to the network. 

4.7.8.4 CableCARD Initialization 

In Phase 1, embedded security will be used. 
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4.7.9 DE-STB Softwar Upgrad 

In Phase 1, the DE-STB will use a single software image that bundles STB code, eCM 
code, and application code. It may be possible to update one or more of these pieces of 
code independent of the others. 

In Phase 1, software download will use legacy network procedures. In Phase 2, the DE- 
STB will support both an in-band DSM-CC carousel and DOCSIS secure software 
download to load new operating software. 

4.8 Management Considerations 

In Phase 1, the eCM must be fully compliant to the DOCSIS 1.1 specification. The eSTB 
will support MEBs as per the provisioning specification [STB-CP2]. 

4.9 DE-STB Considerations 

4.9.1 eCM Relationship to DOCSIS 

Phase 1 must support DOCSIS 1.1 hardware. Phase 2 must support DOCSIS 2.0 
hardware. 

4.9.1.1 Relationship to eDOCSIS 

Since an embedded CM (eCM) is used, the system must be in alignment with the 
eDOCSIS specification [DOCSIS3]. The eDOCSIS specification does not include eSTBs. 
However, the eDOCSIS guidelines should be followed to define the logical interface 
between the eSTB and the eCM. 

4.9.2 eSTB Relationship to OpenCable 

OCAP and CableCARD support is not required in Phase 1. 

[OC1] Chapter 13 must be followed, as modified by the specifications for use of the DTD 
message as described in [DOCSIS4]. 

4.9.3 Relationship to CableHome 

CableHome™ support is not required in Phase 1. 

4.9.4 LAN Interfaces 

The eSTB does not support CPE interfaces. 

4.9.5 eCM operational differences from DOCSIS 

The eCM embedded in an DE-STB operates differently than a CM used for HSD. These 
differences are described both in the Comcast DSG STB specification.. 



4.10 Security Considerations 

4.10.1 VOD Controller and STB Controller-to-CMTS Conn ction 

In Phase 1, firewall and access control lists (ACLs) will be used to enforce traffic policy 
between the Gateway (Video network) and CMTS. 

The following are requirements for security on this connection: 

1. Under no circumstances can unauthorized traffic make it onto a forward path DSG 
tunnel. 

2. Under no circumstances can unauthorized traffic make it from the HSD Network 
into the OAM&P application networks. 

3. The DE-STB and DSG functions must work when CMTS features such as Return 
Path Verify and Cable Source Verify are enabled. 

4.10.2 Role of BPI+ 

BPI+ is used for both eCM device authentication and for privacy for two-way traffic. 
Since BPI+ does not, operate over the DSG tunnels, the supplier must secure OOB 
messages within the DSG tunnels as needed. 

While embodiments of the invention have been illustrated and described, it is not 
intended that these embodiments illustrate and describe all possible forms of the 
invention. For example, components referred to herein as singular items could 
alternatively be implemented as multiple items. The words used in the specification are 
words of description rather than limitation, and it is understood that various changes may 
be made without departing from the spirit and scope of the invention. 
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